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DETAILED ACTION 

Drawings 

1 . Figures 4-7 are objected to because of depicting flow charts that has conditional 
blocks without any indication of the flow based on the condition. Conditional block 
typically contain a Yes/No question or True/False test. This symbol is unique in that it 
has two arrows coming out of it, one corresponding to Yes or True, and one 
corresponding to No or False. In this case, conditional blocks, depicted in figures 4-7, 
do have two arrows coming out of them but has no indication of which arrow represent 
Yes/True and which arrow represent No/False condition. In fig 4 block labeled as S406, 
in fig 5 blocks labeled as S504, S510, S508, S514 and S516, in fig 6 block labeled S608 
and in fig 7 block labeled S706 are the conditional blocks without indication of the flow 
based on the condition. Each block should have two arrows and a corresponding 
indication of the flow. Correction is required. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in 
reply to the Office action to avoid abandonment of the application. Any amended 
replacement drawing sheet should include all of the figures appearing on the immediate 
prior version of the sheet, even if only one figure is being amended. The figure or figure 
number of an amended drawing should not be labeled as "amended." If a drawing figure 
is to be canceled, the appropriate figure must be removed from the replacement sheet, 
and where necessary, the remaining figures must be renumbered and appropriate 
changes made to the brief description of the several views of the drawings for 
consistency. Additional replacement sheets may be necessary to show the renumbering 
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of the remaining figures. Each drawing sheet submitted after the filing date of an 
application must be labeled in the top margin as either "Replacement Sheet" or "New 
Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, 
the applicant will be notified and informed of any required corrective action in the next 
Office action. The objection to the drawings will not be held in abeyance. 

Claim Objections 

2. Claim 5 is objected to under 37 CFR 1 .75(c), as being of improper dependent 
form for failing to further limit the subject matter of a previous claim. Applicant is 
required to cancel the claim(s), or amend the claim(s) to place the claim(s) in proper 
dependent form, or rewrite the claim(s) in independent form. Currently claim 5 depends 
from claim 4. Claim 5 simply rewrite claim 4 and thus fail to further limit the subject 
mater of claim 4. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-7, 10-24 and 26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Pham et al. (US 2003/0097591) in view of Bates et al. (US 6721721) 
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Regarding Claim 1, Pham discloses an apparatus for providing verification of a 
security status of an on-line service (Paragraph 0005 lines 2-5, "Protecting users from 
Web sites hosting computer viruses and for protecting web hosting systems from 
hosting web pages that contains links to computer viruses"), comprising: 

a database that stores a profile of devices and services comprising the on-line 
service and a corresponding indication of their vulnerability (Figure 2 numeral 1 16, 
paragraph 24 lines 4-10, "Information relating to pages that have been examined, in 
addition to information relating to pages that are found to contain a computer virus, or 
information relating to a computer virus, is stored in virus site database system 116") 

a verification engine that provides verification to visitors of the on-line service via 
a network (paragraph 24, lines 1-7, "Web security system 114 can then use the 
information in virus site database 116 to provide a screening service, in which requests 
for particular Web pages are screened against the information in virus site database 
1 16 to detect and, if desired, prevent fulfillment of requests for Web pages that contain 
a computer virus, or information relating to a computer virus.") by displaying an 
indication of the security status of the on-line service to the visitor in accordance with 
the stored profile (paragraph 0044 lines 25-27, "Typically, some message or notification 
is presented to the user indicating that the requested page will not be received"). 

Pham teaches that some message or notification is presented to the user. Pham 
doesn't clearly suggest displaying an indication of the security status of the on-line 
service to the visitor. Pham also does not teach the visual appearance of the indication 
is changed in accordance with a level of security computed for the on-line service. 
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However, Bates in the same field of endeavor of on-line security discloses 
displaying an indication of the security status of the on-line service to the visitor. (Fig 8 
numerals 238 and 240, Column 6 lines 63-65, "...generation of display information for a 
result set that is based at least in part on virus status information stored in virus 
database 46"). Bates further teaches that the visual appearance of the indication is 
changed in accordance with a level of security computed for the on-line service (Column 
12 lines 25-27, "It may be desirable to define different degree of trustworthiness, and 
separately identify result records matching such different degree", also at Column 11 
lines 59-67, "the display information for result records determined to present a risk of 
virus infection may be highlighted in the display representation, e.g., by providing a 
unique icon in proximity with the display information"). 

Therefore, It would have been obvious at the time the invention was made to one 
of ordinary skill in the art to display, the message about security status of the on-line 
service, as taught by Pham, to the visitor as taught by Bates so that visitor can view the 
information provided and decide if he want to trust the web-site or no. Further, it would 
have been obvious to display the indicator taught by Bates to change the visual 
appearance of the indication in accordance with a level of security computed for the on- 
line service as suggested by Bates in the same reference to "separately identify files for 
which no virus status information is available... Also, files that have never had a virus 
may be distinguished from files that have been free of infection for a certain period of 
time" (Column 12, lines 26-33). [The term Tiles" here does not refer to only local files 
stored on a local computer but it refers to Files, documents and other network- 
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accessible data capable of being represented and accessed by a user via search 
results (Column 6, lines 45-52)1 

Regarding Claim 2, the rejection of claim 1 is incorporated and further Pham 
discloses a scanning engine that detects the devices and services comprising the on- 
line service (paragraph 0024, lines 1-5, " Web crawler system 112 performs this Web 
crawling function, but in addition, examines the content of each page that is fetched in 
order to determine whether the page contains a computer virus, or information relating 
to a computer virus", paragraph 0025 lines 1-4 'Web security system 114 can then use 
the information in virus site database 1 16 to provide a screening service, in which 
requests for particular Web pages are screened against the information in virus site 
database"). 

Regarding Claim 3, the rejection of claim 2 is incorporated and further Pham 
discloses that the scanning engine further performs a comparison between vulnerability 
fingerprints and the devices and services to obtain the corresponding vulnerability 
indications (paragraph 0025 lines 1-5, "Web security system 1 14 can then use the 
information in virus site database 116 to provide a screening service, in which requests 
for particular Web pages are screened against the information in virus site database 
116"). 

Regarding Claim 4, the rejection of claim 1 is incorporated and further Pham 
discloses that the apparatus is remote from the on-line service on the network (Figure 1 
numeral 110). 
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Regarding Claim 5, the rejection of claim 4 is incorporated and as discusses in 
above claim objection, claim 5 depends for claim 4 and fails to further limit claim 4, so 
claim 5 is rejected for the same reason set forth in the rejection of claim 4 above. 

Regarding Claim 6, the rejection of claim 1 is incorporated and further Bates 
discloses that the displayed indication is made in response to the visitor clicking a bug 
displayed by the on-line service (Column 12 lines 5-9, "a user may be warned whenever 
the user interacts with the display information associated with a risky result record, e.g., 
when selecting, or even positioning a pointer proximate to, the display information or a 
hypertext link therein.") 

Regarding Claim 7, the rejection of claim 1 is incorporated and further discloses 
an alert engine that sends alerts to the on-line service in accordance with the 
comparison performed by the scanning engine (Fig 6, numeral 610, paragraph 0048 
lines 5-8, "In step 610, the administrator of the Web hosting system, upon which the 
Web page was to be hosted, is informed that the Web page contains one or more links 
to a virus site"). 

Regarding Claim 10, the rejection of claim 1 is incorporated and further Pham 
discloses the verification engine further receives requests for registration of new on-line 
services, the verification engine registering the new on-line services in accordance with 
a determination that a bug exists at a pre-defined URL (Fig 3 numerals 80 and 92). 

Regarding Claim 11, the rejection of claim 1 is incorporated and further Pham 
discloses that the on-line service is a website. (Paragraph 0006 lines 5-6, "determining 
whether the Web page is hosted by a Web site".) 
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Regarding Claim 12, the rejection of claim 10 is incorporated and further Pham 
discloses that the on-line service is a website. (Paragraph 0006 lines 5-6, "determining 
whether the Web page is hosted by a Web site".) 

Regarding Claim 13, the rejection of claim 1 is incorporated and further Pham 
discloses that the network in the Internet. (Fig 1, Numeral 15). 

Regarding Claim 14, Pham discloses an apparatus for providing verification of a 
security status of one or more on-line services (Paragraph 0005 lines 2-5, "Protecting 
users from Web sites hosting computer viruses and for protecting web hosting systems 
from hosting web pages that contains links to computer viruses"), comprising: 

a database that stores respective profiles of devices and services comprising the 
on-line services and corresponding indications of their vulnerability (Figure 2 numeral 
116, paragraph 24 lines 4-10, "Information relating to pages that have been examined, 
in addition to information relating to pages that are found to contain a computer virus, or 
information relating to a computer virus, is stored in virus site database system 116") 

a security website that receives requests for verification from actual or potential 
visitors of a selected one of the on-line services via a network (paragraph 24, lines 1-7, 
"Web security system 114 can then use the information in virus site database 1 16 to 
provide a screening service, in which requests for particular Web pages are screened 
against the information in virus site database 1 16 to detect and, if desired, prevent 
fulfillment of requests for Web pages that contain a computer virus, or information 
relating to a computer virus.") and provides a graphical indication of the security status 
of the selected on-line service to the visitor in accordance with the stored profile 
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(paragraph 0044 lines 25-27, "Typically, some message or notification is presented to 
the user indicating that the requested page will not be received"). 

Pham teaches a verification engine but does not disclose a security website what 
receives request for verification from actual or potential visitors. Further Pham teaches 
that some message or notification is presented to the user. Pham doesn't clearly 
suggest displaying a graphical indication of the security status of the on-line service to 
the visitor. Pham also does not teach the visual appearance of the graphical indication 
is changed in accordance with a level of security computed for the on-line service. 

However, Bates in the same field of endeavor of on-line security discloses a 
security website what receives request for verification from actual or potential visitors 
(Fig 8 Numeral 200). Bates further discloses displaying a graphical indication of the 
security status of the on-line service to the visitor (Fig 8 numerals 238 and 240, Column 
6 lines 63-65, "...generation of display information for a result set that is based at least 
in part on virus status information stored in virus database 46"). Bates further teaches 
that the visual appearance of the graphical indication is changed in accordance with a 
level of security computed for the on-line service (Column 12 lines 25-27, "It may be 
desirable to define different degree of trustworthiness, and separately identify result 
records matching such different degree", also at Column 1 1 lines 59-67, "the display 
information for result records determined to present a risk of virus infection may be 
highlighted in the display representation, e.g., by providing a unique icon in proximity 
with the display information"). 
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Therefore, It would have been obvious at the time the invention was made to one 
of ordinary skill in the art to provide a security web-site as taught by Bates in the system 
of Pham so that potential user can get the security status of a web-site without the need 
for even visit the homepage of that web-site. Further it would have been obvious to 
display, the message about security status of the on-line service, as taught by Pham, to 
the visitor, as taught by Bates so that visitor can view the information provided and 
decide if he/she wants to trust the web-site or no. Further, it would have been obvious to 
display the indicator taught by Bates to change the visual appearance of the indication 
in accordance with a level of security computed for the on-line service as suggested by 
bates in the same reference to "separately identify files for which no virus status 
information is available... Also, files that have never had a virus may be distinguished 
from files that have been free of infection for a certain period of time" (Column 12, lines 
26-33). 

Regarding Claim 15, the rejection of claim 14 is incorporated and further bates 
discloses that the graphical indication is a security meter (Column 1 1 lines 61-67, "the 
display information for result records determined to present a risk of virus infection may 
be highlighted in the display representation, e.g., ...distinct display color...") 

Regarding Claim 16, the rejection of claim 14 is incorporated and further bates 
discloses that the security website is further operative to provide graphical indicators of 
the security status of a plurality of the on-line services in accordance with the stored 
profiles and requests by the visitors (Fig 8, Numerals 232, 234 and 236) 
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Regarding Claim 17, the rejection of claim 14 is incorporated and further Pham 
discloses a scanning engine that detects the devices and services comprising the on- 
line services (paragraph 0024, lines 1-5, " Web crawler system 112 performs this Web 
crawling function, but in addition, examines the content of each page that is fetched in 
order to determine whether the page contains a computer virus, or information relating 
to a computer virus", paragraph 0025 lines 1-4, "Web security system 1 14 can then use 
the information in virus site database 1 16 to provide a screening service, in which 
requests for particular Web pages are screened against the information in virus site 
database"). 

Regarding Claim 18, the rejection of claim 17 is incorporated and further Pham 
discloses that the scanning engine further performs a comparison between vulnerability 
fingerprints and the devices and services to obtain the corresponding vulnerability 
indications (paragraph 0025 lines 1-5, "Web security system 114 can then use the 
information in virus site database 1 16 to provide a screening service, in which requests 
for particular Web pages are screened against the information in virus site database 
116"). 

Regarding Claim 19, the rejection of claim 14 is incorporated and further Pham 
discloses that the apparatus is remote from each of the on-line services on the network 
(Figure 1 numeral 110). 

Regarding Claim 20, the rejection of claim 18 is incorporated and further Pham 
discloses that the apparatus is remote from each of the on-line services on the network 
(Figure 1 numeral 110). 
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Regarding Claim 21, Pham discloses a method for providing verification of a 
security status of an on-line service, comprising (Paragraph 0005 lines 2-5, "Protecting 
users from Web sites hosting computer viruses and for protecting web hosting systems 
from hosting web pages that contains links to computer viruses"), comprising: 

a method of detecting devices and services comprising the on-line service 
(paragraph 0024, lines 1-5, " Web crawler system 112 performs this Web crawling 
function, but in addition, examines the content of each page that is fetched in order to 
determine whether the page contains a computer virus, or information relating to a 
computer virus", paragraph 0025 lines 1-4 "Web security system 114 can then use the 
information in virus site database 116 to provide a screening service, in which requests 
for particular Web pages are screened against the information in virus site database"); 

Comparing the detected devices and services against vulnerability fingerprints 
(paragraph 0025 lines 1-5, 'Web security system 1 14 can then use the information in 
virus site database 1 16 to provide a screening service, in which requests for particular 
Web pages are screened against the information in virus site database 1 16"); 

Providing an indication of the security status of the on-line service to the visitor in 
accordance with a result of the comparing step (paragraph 0044 lines 25-27, "Typically, 
some message or notification is presented to the user indicating that the requested 
page will not be received"); 

Pham teaches that some message or notification is presented to the user. Pham 
doesn't clearly suggest displaying an indication of the security status of the on-line 
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service to the visitor. Pham also does not teach a method where visual appearance of 
the indication is changed in accordance with a level of security computed for the on-line 
service. 

However, Bates in the same field of endeavor of on-line security discloses 
displaying an indication of the security status of the on-line service to the visitor. (Fig 8 
numerals 238 and 240, Column 6 lines 63-65, "...generation of display information for a 
result set that is based at least in part on virus status information stored in virus 
database 46"). Bates further teaches that the visual appearance of the indication is 
changed in accordance with a level of security computed for the on-line service (Column 
12 lines 25-27, "It may be desirable to define different degree of trustworthiness, and 
separately identify result records matching such different degree", also at Column 1 1 
lines 59-67, "the display information for result records determined to present a risk of 
virus infection may be highlighted in the display representation, e.g., by providing a 
unique icon in proximity with the display information"). 

Therefore, It would have been obvious at the time the invention was made to one 
of ordinary skill in the art to display, the message about security status of the on-line 
service, as taught by Pham, to the visitor as taught by Bates so that visitor can view the 
information provided and decide if he want to trust the web-site or no. Further, it would 
have been obvious to display the indicator taught by bates to change the visual 
appearance of the indication in accordance with a level of security computed for the on- 
line service as suggested by bates in the same reference to "separately identify files for 
which no virus status information is available... Also, files that have never had a virus 
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may be distinguished from files that have been free of infection for a certain period of 
time" (Column 12, lines 26-33). 

Regarding Claim 22, the rejection of claim 21 is incorporated and further Pham 
discloses comparing step includes scanning the on-line service from a remote address 
on the network (Fig 1 Numeral 110). 

Regarding Claim 23, the rejection of claim 21 is incorporated and further Pham 
Bates discloses allowing the visitor to make the request by clicking a bug displayed by 
the on-line service. (Column 12 lines 5-9, "a user may be warned whenever the user 
interacts with the display information associated with a risky result record, e.g., when 
selecting, or even positioning a pointer proximate to, the display information or a 
hypertext link therein.") 

Regarding Claim 24, the rejection of claim 21 is incorporated and further Pham 
discloses sending alerts to the on-line service in accordance with the comparison 
performed by the scanning engine (Fig 6, numeral 610, paragraph 0048 lines 5-8, "In 
step 610, the administrator of the Web hosting system, upon which the Web page was 
to be hosted, is informed that the Web page contains one or more links to a virus site") 

Regarding Claim 26, the rejection of claim 21 is incorporated and further Pham 
discloses receiving a request for registration of a new on-line service (Fig 3, Numeral 
82), determining whether a bug exists at a pre-defined URL in the request (Fig 3, 
Numeral 90) and registering the new on-line services in accordance with the 
determination that the bug exists at the pre-defined URL (Fig 3, Numeral 92). 
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5. Claims 8,9 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Pham et al. (US 2003/0097591) in view of Bates (US 6721721) and further in view 
of Bunker, V el al. (US 2003/0028803). 

Regarding Claim 8, the rejection of claim 7 is incorporated. Pham discloses an 
alert engine to alert on-line service for viruses potentially affecting the on-line service. 
Pham doesn't explicitly teach that alert engine further determines whether new 
vulnerabilities potentially affect the on-line service. 

However, Bunker in the in the same field of endeavor of network security 
discloses that the alert engine further determines whether new vulnerabilities potentially 
affect the on-line service (paragraph 0020 line 1-2, "only customers affected by the new 
security vulnerabilities may receive the alert") 

Therefore, It would have been obvious at the time the invention was made to 
one of ordinary skill in the art further modify the alert engine as taught by Pham to 
determines whether new vulnerabilities potentially affect the on-line service as taught by 
Bunker, so "if the new vulnerability is found to affect the customer systems or networks 
then a possibly detailed alert may be sent to the customer" (paragraph 0019, 14-16). 

Regarding claim 9, the rejection of claim 8 is incorporated and further Bunker 
teaches that the alert engine is operative to further determine whether new 
vulnerabilities potentially affect the on-line service based on information in the stored 
profile and newly received vulnerability information without requiring a new scan by the 
scanning engine to detect devices and services comprising the on-line service 
(paragraph 0019 line 11-14, "The configuration of the new vulnerability may be 



Application/Control Number: 10/674,878 Page 16 

Art Unit: 21 12 ' 

compared to the customer's system network configuration in the last test for the 
customer. ") 

Therefore, It would have been obvious at the time the invention was made to one 
of ordinary skill in the art further modify the alert engine as taught by Pham to send alert 
based on information in the stored profile and newly received vulnerability information 
without requiring a new scan, as taught by Bunker so "only customers affected by the 
new security vulnerabilities may receive the alert" (paragraph 0020 lines 1-2) also this 
kind of configuration provides real time security alerts that warns operators to perform 
appropriate action when new newly received security vulnerability can potentially harm 
their system. 

Regarding Claim 25, the rejection of claim 24 is incorporated. Pham discloses an 
alert engine to alert on-line service for viruses potentially affecting the on-line service. 
Pham doesn't explicitly teach that alert engine further determines whether new 
vulnerabilities potentially affect the on-line service. 

However, Bunker in the in the same field of endeavor of network security 
discloses that the alert engine further determines whether new vulnerabilities potentially 
affect the on-line service (paragraph 0020 line 1-2, "only customers affected by the new 
security vulnerabilities may receive the alert") 

Therefore, It would have been obvious at the time the invention was made to 
one of ordinary skill in the art to further modify the alert engine as taught by Pham to 
determines whether new vulnerabilities potentially affect the on-line service as taught by 
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Bunker, so "if the new vulnerability is found to affect the customer systems or networks 
then a possibly detailed alert may be sent to the customer" (paragraph 0019, 14-16). 

Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Yogesh Paliwal whose telephone number is (571) 270- 
1807. The examiner can normally be reached on M-F: 7:30 AM - 5:00 PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Brian P. Werner can be reached on (571) 272-7401. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




BRIAN WERNER 
SUPERVISORY PATENT EXAMINER 



